The attention of all UK licensed gambling operators is drawn to a “Covid-19 emerging risks bulletin – May 2021” published today (28 May 2021) by the Gambling Commission, that looks at:
- innovations in cryptoassets,
- the quality of suspicious activity report (SAR) submissions,
- insufficient due diligence checks and
- the threat of organised crime.
AML/CTF risk assessments together with policies, procedures and controls arising from such risk assessments should be duly reviewed as a matter of urgency.
The bulletin states as follows:
Innovations in the cryptoasset market
The Commission is reiterating the importance of operator’s responsibilities under Licence Condition 12.1.1 (1), which requires licensees to conduct an assessment of the risks their businesses face from money laundering and terrorist financing upon the introduction of new products or technology or new methods of customer payment.
The cryptoasset market is constantly evolving due to increasing popularity and product innovations e.g., ‘non-fungible tokens’. Licence Condition 12.1.1.(3) requires operators to take account of any applicable learning or guidelines published by the Commission on this subject. Cryptoasset payments have been rated high risk in our current publication of the money laundering and terrorist financing risks in Great Britain’s gambling industry. Operators are also required to submit a key event to the Commission under Licence Condition 15.1.2(8) wherever there are changes in payment methods.
It has been noted that the UK’s Crown Prosecution Service (CPS) (opens in new tab) expects to see an increase in the number of Bitcoin and cryptoasset related scams in the coming years. The Commission encourages operators to remain vigilant to such changes and update their anti-money laundering and counter-terrorist financing risk assessments.
Also, to assist with implementing a risk-based approach the Financial Action Task Force (FATF), the inter-governmental watchdog that establishes standards for anti-money laundering and know-your-customer requirements, has published both new standards for implementation of a risk-based approach (opens in new tab) and new draft guidance (opens in new tab) for decentralised platforms. Operators must familiarise themselves with FATF’s guidance to combat money laundering and terrorist financing and implement learning into their business.
Quality of suspicious activity report (SAR) submissions
The Commission is drawing Licensees’ attention to the National Crime Agency’s (NCA) published guidance (opens in new tab) which provides information on submitting quality SARs. The guidance acts as a useful checklist for what information should be included in a SAR, including relevant glossary codes, to ensure the maximum impact from the information provided. The NCA during COVID-19 pandemic has seen an increase in SAR submissions and it is vital that operators submit a SAR to the United Kingdom’s Financial Intelligence Unit (UKFIU) whenever there is knowledge or suspicion of money laundering or terrorist financing (as required under the Proceeds of Crime Act 2002 (PoCA) (opens in new tab) and the Terrorism Act 2000 (TACT) (opens in new tab). Failure to do so may result in Licensees committing a criminal offence.
Operators are also reminded that failure to submit a Defence Against Money Laundering (DAML) or a Defence Against Terrorist Financing (DATF) SAR to the UKFIU to obtain consent, when considering committing a prohibited act, could be a criminal offence under PoCA and/or TACT. Examples of prohibited acts could include:
- transferring customer balances when a suspicion has been formed; or
- retaining customer’s account balance once a suspicion has been formed; or
- moving a customer’s account balance within your business to a different account once a suspicion has been formed.
Operators are also reminded that a corresponding SAR Key Event and reference number must also be submitted under Licence Condition 15 to the Commission.
Insufficient due diligence measures, the threat of organised crime and customers from high risk third jurisdictions
The Commission is highlighting to Licensees that it has identified various examples of operators failing to sufficiently scrutinise the source of customer’s funds. It is becoming increasingly important for operators to carry out sufficient due diligence checks as the threat of serious and organised crime increases globally. Failure to conduct sufficient due diligence checks becomes even more problematic (for example) as:
- the threat from organised crime infiltrating businesses remains significant.This year’s EU Serious Organized Crime Threat Assessment 2021 states that trade in illegal drugs continues to “dominate” the world of organised crime in the EU accounting for a large portion of criminal profits, money laundering and violence linked to organised crime; and
- if a customer is from a high-risk third country.
The UK government has recently added Pakistan to the list of undesirable high-risk third countries due to unsatisfactory money laundering and terrorist financing controls. The list of 21 high risk third countries replicates the list of countries named by FATF as high-risk or under increased monitoring.
The full list of high-risk third countries under Schedule 3ZA of the Money Laundering and Terrorist Financing (Amendment) (High-Risk Countries) Regulations 2021 (MLTFR 2021) (opens in new tab) includes, in order: Albania, Barbados, Botswana, Burkina Faso, Cambodia, Cayman Islands, Democratic People’s Republic of Korea, Ghana, Iran, Jamaica, Mauritius, Morocco, Myanmar, Nicaragua, Pakistan, Panama, Senegal, Syria, Uganda, Yemen and Zimbabwe.
According to the UK government, the nations in this category pose a threat because of weak tax controls and lack of check and balance on terrorism-financing and money-laundering.
The MLTFR 2021 came into force on March 26th, 2021 after the definition of a high-risk third country identified in a new Schedule 3ZA and updates the Money Laundering Regulations 2017 (opens in new tab).
All operators are required to take a risk-based approach to mitigate the risk of money laundering and terrorist financing. Both our casino guidance and guidance for non-casino operators makes clear that, ‘higher risk customers should be subjected to a frequency and depth of scrutiny greater than may be appropriate for lower risk customers’.
Casino businesses are also required under the Money Laundering Regulations 2017 to carry out enhanced customer due diligence measures (ECDD) wherever there is a higher risk of money laundering or terrorist financing. Please refer to our comprehensive casino guidance for further information on the circumstances in which ECDD measures must be applied.
Podcast from the UKFIU
The UKFIU have released a new podcast (opens in a new tab) where they chat with Graeme Biggar, Director General of the National Economic Crime Centre (NECC). Graeme Biggar discusses:
- The work and remit of the NECC, particularly with regards to the UKFIU’s position in it.
- The headline figures from the 2020 SARs Annual Report.
- Plans for the future of the UKFIU and the SARs regime.
- How SARs can make a big difference in cutting serious organised crime.
Operators are encouraged to listen this podcast (and previously released UKFIU podcasts) as it can be used as an aid in complying with legal duties.